act_skbmod.c source code [linux/net/sched/act_skbmod.c]

1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* net/sched/act_skbmod.c skb data modifier
4	*
5	* Copyright (c) 2016 Jamal Hadi Salim <jhs@mojatatu.com>
6	*/
7
8	#include <linux/module.h>
9	#include <linux/if_arp.h>
10	#include <linux/init.h>
11	#include <linux/kernel.h>
12	#include <linux/skbuff.h>
13	#include <linux/rtnetlink.h>
14	#include <net/inet_ecn.h>
15	#include <net/netlink.h>
16	#include <net/pkt_sched.h>
17	#include <net/pkt_cls.h>
18	#include <net/tc_wrapper.h>
19
20	#include <linux/tc_act/tc_skbmod.h>
21	#include <net/tc_act/tc_skbmod.h>
22
23	static struct tc_action_ops act_skbmod_ops;
24
25	TC_INDIRECT_SCOPE int tcf_skbmod_act(struct sk_buff *skb,
26	const struct tc_action *a,
27	struct tcf_result *res)
28	{
29	struct tcf_skbmod *d = to_skbmod(a);
30	int action, max_edit_len, err;
31	struct tcf_skbmod_params *p;
32	u64 flags;
33
34	tcf_lastuse_update(tm: &d->tcf_tm);
35	bstats_update(this_cpu_ptr(d->common.cpu_bstats), skb);
36
37	action = READ_ONCE(d->tcf_action);
38	if (unlikely(action == TC_ACT_SHOT))
39	goto drop;
40
41	max_edit_len = skb_mac_header_len(skb);
42	p = rcu_dereference_bh(d->skbmod_p);
43	flags = p->flags;
44
45	/ tcf_skbmod_init() guarantees "flags" to be one of the following:*
46	* 1. a combination of SKBMOD_F_{DMAC,SMAC,ETYPE}
47	* 2. SKBMOD_F_SWAPMAC
48	* 3. SKBMOD_F_ECN
49	* SKBMOD_F_ECN only works with IP packets; all other flags only work with Ethernet
50	* packets.
51	*/
52	if (flags == SKBMOD_F_ECN) {
53	switch (skb_protocol(skb, skip_vlan: true)) {
54	case cpu_to_be16(ETH_P_IP):
55	case cpu_to_be16(ETH_P_IPV6):
56	max_edit_len += skb_network_header_len(skb);
57	break;
58	default:
59	goto out;
60	}
61	} else if (!skb->dev \|\| skb->dev->type != ARPHRD_ETHER) {
62	goto out;
63	}
64
65	err = skb_ensure_writable(skb, write_len: max_edit_len);
66	if (unlikely(err)) / best policy is to drop on the floor /
67	goto drop;
68
69	if (flags & SKBMOD_F_DMAC)
70	ether_addr_copy(dst: eth_hdr(skb)->h_dest, src: p->eth_dst);
71	if (flags & SKBMOD_F_SMAC)
72	ether_addr_copy(dst: eth_hdr(skb)->h_source, src: p->eth_src);
73	if (flags & SKBMOD_F_ETYPE)
74	eth_hdr(skb)->h_proto = p->eth_type;
75
76	if (flags & SKBMOD_F_SWAPMAC) {
77	u16 tmpaddr[ETH_ALEN / `2`]; / ether_addr_copy() requirement /
78	/XXX: I am sure we can come up with more efficient swapping/
79	ether_addr_copy(dst: (u8 *)tmpaddr, src: eth_hdr(skb)->h_dest);
80	ether_addr_copy(dst: eth_hdr(skb)->h_dest, src: eth_hdr(skb)->h_source);
81	ether_addr_copy(dst: eth_hdr(skb)->h_source, src: (u8 *)tmpaddr);
82	}
83
84	if (flags & SKBMOD_F_ECN)
85	INET_ECN_set_ce(skb);
86
87	out:
88	return action;
89
90	drop:
91	qstats_overlimit_inc(this_cpu_ptr(d->common.cpu_qstats));
92	return TC_ACT_SHOT;
93	}
94
95	static const struct nla_policy skbmod_policy[TCA_SKBMOD_MAX + `1`] = {
96	[TCA_SKBMOD_PARMS] = { .len = sizeof(struct tc_skbmod) },
97	[TCA_SKBMOD_DMAC] = { .len = ETH_ALEN },
98	[TCA_SKBMOD_SMAC] = { .len = ETH_ALEN },
99	[TCA_SKBMOD_ETYPE] = { .type = NLA_U16 },
100	};
101
102	static int tcf_skbmod_init(struct net net, struct* nlattr *nla,
103	struct nlattr est, struct* tc_action **a,
104	struct tcf_proto *tp, u32 flags,
105	struct netlink_ext_ack *extack)
106	{
107	struct tc_action_net *tn = net_generic(net, id: act_skbmod_ops.net_id);
108	bool ovr = flags & TCA_ACT_FLAGS_REPLACE;
109	bool bind = flags & TCA_ACT_FLAGS_BIND;
110	struct nlattr *tb[TCA_SKBMOD_MAX + `1`];
111	struct tcf_skbmod_params p, p_old;
112	struct tcf_chain *goto_ch = NULL;
113	struct tc_skbmod *parm;
114	u32 lflags = `0`, index;
115	struct tcf_skbmod *d;
116	bool exists = false;
117	u8 *daddr = NULL;
118	u8 *saddr = NULL;
119	u16 eth_type = `0`;
120	int ret = `0`, err;
121
122	if (!nla)
123	return -EINVAL;
124
125	err = nla_parse_nested_deprecated(tb, TCA_SKBMOD_MAX, nla,
126	policy: skbmod_policy, NULL);
127	if (err < `0`)
128	return err;
129
130	if (!tb[TCA_SKBMOD_PARMS])
131	return -EINVAL;
132
133	if (tb[TCA_SKBMOD_DMAC]) {
134	daddr = nla_data(nla: tb[TCA_SKBMOD_DMAC]);
135	lflags \|= SKBMOD_F_DMAC;
136	}
137
138	if (tb[TCA_SKBMOD_SMAC]) {
139	saddr = nla_data(nla: tb[TCA_SKBMOD_SMAC]);
140	lflags \|= SKBMOD_F_SMAC;
141	}
142
143	if (tb[TCA_SKBMOD_ETYPE]) {
144	eth_type = nla_get_u16(nla: tb[TCA_SKBMOD_ETYPE]);
145	lflags \|= SKBMOD_F_ETYPE;
146	}
147
148	parm = nla_data(nla: tb[TCA_SKBMOD_PARMS]);
149	index = parm->index;
150	if (parm->flags & SKBMOD_F_SWAPMAC)
151	lflags = SKBMOD_F_SWAPMAC;
152	if (parm->flags & SKBMOD_F_ECN)
153	lflags = SKBMOD_F_ECN;
154
155	err = tcf_idr_check_alloc(tn, index: &index, a, bind);
156	if (err < `0`)
157	return err;
158	exists = err;
159	if (exists && bind)
160	return `0`;
161
162	if (!lflags) {
163	if (exists)
164	tcf_idr_release(a: *a, bind);
165	else
166	tcf_idr_cleanup(tn, index);
167	return -EINVAL;
168	}
169
170	if (!exists) {
171	ret = tcf_idr_create(tn, index, est, a,
172	ops: &act_skbmod_ops, bind, cpustats: true, flags);
173	if (ret) {
174	tcf_idr_cleanup(tn, index);
175	return ret;
176	}
177
178	ret = ACT_P_CREATED;
179	} else if (!ovr) {
180	tcf_idr_release(a: *a, bind);
181	return -EEXIST;
182	}
183	err = tcf_action_check_ctrlact(action: parm->action, tp, handle: &goto_ch, newchain: extack);
184	if (err < `0`)
185	goto release_idr;
186
187	d = to_skbmod(*a);
188
189	p = kzalloc(size: sizeof(struct tcf_skbmod_params), GFP_KERNEL);
190	if (unlikely(!p)) {
191	err = -ENOMEM;
192	goto put_chain;
193	}
194
195	p->flags = lflags;
196
197	if (ovr)
198	spin_lock_bh(lock: &d->tcf_lock);
199	/ Protected by tcf_lock if overwriting existing action. /
200	goto_ch = tcf_action_set_ctrlact(a: *a, action: parm->action, newchain: goto_ch);
201	p_old = rcu_dereference_protected(d->skbmod_p, `1`);
202
203	if (lflags & SKBMOD_F_DMAC)
204	ether_addr_copy(dst: p->eth_dst, src: daddr);
205	if (lflags & SKBMOD_F_SMAC)
206	ether_addr_copy(dst: p->eth_src, src: saddr);
207	if (lflags & SKBMOD_F_ETYPE)
208	p->eth_type = htons(eth_type);
209
210	rcu_assign_pointer(d->skbmod_p, p);
211	if (ovr)
212	spin_unlock_bh(lock: &d->tcf_lock);
213
214	if (p_old)
215	kfree_rcu(p_old, rcu);
216	if (goto_ch)
217	tcf_chain_put_by_act(chain: goto_ch);
218
219	return ret;
220	put_chain:
221	if (goto_ch)
222	tcf_chain_put_by_act(chain: goto_ch);
223	release_idr:
224	tcf_idr_release(a: *a, bind);
225	return err;
226	}
227
228	static void tcf_skbmod_cleanup(struct tc_action *a)
229	{
230	struct tcf_skbmod *d = to_skbmod(a);
231	struct tcf_skbmod_params *p;
232
233	p = rcu_dereference_protected(d->skbmod_p, `1`);
234	if (p)
235	kfree_rcu(p, rcu);
236	}
237
238	static int tcf_skbmod_dump(struct sk_buff skb, struct* tc_action *a,
239	int bind, int ref)
240	{
241	struct tcf_skbmod *d = to_skbmod(a);
242	unsigned char *b = skb_tail_pointer(skb);
243	struct tcf_skbmod_params *p;
244	struct tc_skbmod opt = {
245	.index = d->tcf_index,
246	.refcnt = refcount_read(r: &d->tcf_refcnt) - ref,
247	.bindcnt = atomic_read(v: &d->tcf_bindcnt) - bind,
248	};
249	struct tcf_t t;
250
251	spin_lock_bh(lock: &d->tcf_lock);
252	opt.action = d->tcf_action;
253	p = rcu_dereference_protected(d->skbmod_p,
254	lockdep_is_held(&d->tcf_lock));
255	opt.flags = p->flags;
256	if (nla_put(skb, attrtype: TCA_SKBMOD_PARMS, attrlen: sizeof(opt), data: &opt))
257	goto nla_put_failure;
258	if ((p->flags & SKBMOD_F_DMAC) &&
259	nla_put(skb, attrtype: TCA_SKBMOD_DMAC, ETH_ALEN, data: p->eth_dst))
260	goto nla_put_failure;
261	if ((p->flags & SKBMOD_F_SMAC) &&
262	nla_put(skb, attrtype: TCA_SKBMOD_SMAC, ETH_ALEN, data: p->eth_src))
263	goto nla_put_failure;
264	if ((p->flags & SKBMOD_F_ETYPE) &&
265	nla_put_u16(skb, attrtype: TCA_SKBMOD_ETYPE, ntohs(p->eth_type)))
266	goto nla_put_failure;
267
268	tcf_tm_dump(dtm: &t, stm: &d->tcf_tm);
269	if (nla_put_64bit(skb, attrtype: TCA_SKBMOD_TM, attrlen: sizeof(t), data: &t, padattr: TCA_SKBMOD_PAD))
270	goto nla_put_failure;
271
272	spin_unlock_bh(lock: &d->tcf_lock);
273	return skb->len;
274	nla_put_failure:
275	spin_unlock_bh(lock: &d->tcf_lock);
276	nlmsg_trim(skb, mark: b);
277	return -`1`;
278	}
279
280	static struct tc_action_ops act_skbmod_ops = {
281	.kind = "skbmod",
282	.id = TCA_ACT_SKBMOD,
283	.owner = THIS_MODULE,
284	.act = tcf_skbmod_act,
285	.dump = tcf_skbmod_dump,
286	.init = tcf_skbmod_init,
287	.cleanup = tcf_skbmod_cleanup,
288	.size = sizeof(struct tcf_skbmod),
289	};
290
291	static __net_init int skbmod_init_net(struct net *net)
292	{
293	struct tc_action_net *tn = net_generic(net, id: act_skbmod_ops.net_id);
294
295	return tc_action_net_init(net, tn, ops: &act_skbmod_ops);
296	}
297
298	static void __net_exit skbmod_exit_net(struct list_head *net_list)
299	{
300	tc_action_net_exit(net_list, id: act_skbmod_ops.net_id);
301	}
302
303	static struct pernet_operations skbmod_net_ops = {
304	.init = skbmod_init_net,
305	.exit_batch = skbmod_exit_net,
306	.id = &act_skbmod_ops.net_id,
307	.size = sizeof(struct tc_action_net),
308	};
309
310	MODULE_AUTHOR("Jamal Hadi Salim, <jhs@mojatatu.com>");
311	MODULE_DESCRIPTION("SKB data mod-ing");
312	MODULE_LICENSE("GPL");
313
314	static int __init skbmod_init_module(void)
315	{
316	return tcf_register_action(a: &act_skbmod_ops, ops: &skbmod_net_ops);
317	}
318
319	static void __exit skbmod_cleanup_module(void)
320	{
321	tcf_unregister_action(a: &act_skbmod_ops, ops: &skbmod_net_ops);
322	}
323
324	module_init(skbmod_init_module);
325	module_exit(skbmod_cleanup_module);
326

source code of linux/net/sched/act_skbmod.c